Meet the Mayku Multiplier: the ultimate machine for creative businesses
Designed to optimize product manufacturing and prototyping, the Multiplier by Mayku could change batch production forever.
Read More
Blog
- Home /
- Blog
Nasty Instagram vulnerability could have given hackers the keys to the kingdom
After auditing the security of Instagram's apps for Android and iOS, security researchers from Check Point have discovered a critical vulnerability that could be used to perform remote code execution on a victim's smartphone.
The security firm began its investigation into the popular social media app with the aim of examining the 3rd party projects it uses. Many software developers of all sizes utilize open source projects in their software to save time and money. During its security audit of Instagram's apps, Check Point found a vulnerability in the way that the service utilizes the open source project Mozjpeg as its JPEG format decoder for uploading images.
The vulnerability was discovered by fuzzing the open source project. For those unaware, fuzzing involves deliberately placing or injecting garbled data into a specific application or program. If the software fails to properly handle the unexpected data, developers can then identity potential security weaknesses and address them before users are put at risk.
- We've put together a list of the best antivirus software on the market
- Protect your privacy online with one of the best VPN services
- We've also highlighted the best open source software
To exploit the vulnerability in Instagram's mobile apps, an attacker would only need to send a potential victim a single, malicious image via email or social media. If this picture is then saved to a user's device, it would trigger the exploitation of the vulnerability once a victim opens the app which would then give an attacker full access to their device for remote takeover.
Remote code execution vulnerability
The vulnerability discovered by Check Point's researchers gives an attacker full control over a user's Instagram app which would allow them to read direct messages, delete or post photos or change a user's account profile details. However, since Instagram has extensive permissions on a user's device, the vulnerability could be used to access their contents, location data, camera and any files stored on their device.
Upon their discovery, the firm's researchers responsibly disclosed their findings to Facebook and the social media giant then described the vulnerability, tracked as CVE-2020-1895, as an Integer Overflow leading to Heap Buffer Overflow. Facebook then issued a patch to address the vulnerability while Check Point waited six months to publish a blog post on its discovery.
Head of cyber research at Check Point, Yaniv Balmas provided further insight on the potential dangers of using 3rd party code, saying:
“This research has two main takeaways. First, 3rd party code libraries can be a serious threat. We strongly urge developers of software applications to vet the 3rd party code libraries they use to build their application infrastructures and make sure their integration is done properly. 3rd party code is used in practically every single application out there, and it's very easy to miss out on serious threats embedded in it. Today it's Instagram, tomorrow – who knows?”
- Also check out our roundup of the best Android antivirus apps
Date
28 Sep 2020Sources
Other Blog
-
-
TalkTalk takes the title of best Black Friday broadband deal this year
Read MoreIf your broadband contract is ending soon, then lady luck must be shining on you. It's a fantastic time to get a new broadband deal thanks to Black Friday.
Vodafone has been creating a storm with what it's calling its "best ever broadband deal". For £20 per month and nothing up front, you can sign up for a two-year contract to its superfast 67Mb fibre broadband. Make no mistake... that is a sensational price, and, in normal circumstances, would be head and shoulders ahead of the rest.
But these are not normal times, and the competition around Black Friday broadband deals is hotter than ever this year. So you need to check out the offer TalkTalk is offering.
With the same average speeds and a shorter commitment (18 months), you can get TalkTalk for the same monthly price. But, where this provider ups the ante is with its limited-time freebie. Sign up by Sunday and it will send you a £70 gift card that you can spend at your choice of Amazon.co.uk, M&S, Tesco, or just as a pre-paid credit card you can use anywhere you wish.
These two Black Friday broadband deals in full:
TalkTalk Fibre 65 Broadband: 18 months | Avg speeds 67Mb | FREE activation | £20 per month + £70 voucher
TalkTalk's Fibre 65 broadband plan is an all-round fantastic option, standing out as the best Black Friday fibre broadband plan this year. Here you're only paying £20 a month but getting speeds averaging 67Mb - easily one of the cheapest prices for that kind of speed. On top of that, you'll also get a £70 voucher with this deal.
Vodafone Superfast 2: 24 months | Avg speeds 67Mb | FREE activation | £20 a month
Look familiar? This is almost identical to the TalkTalk deal above, but this one doesn't have that all-important gift card. For anybody trying to lock in a bargain monthly cost for as long as possible, however, the longer contract Vodafone is offering may just appeal.How to claim your gift card
In order to qualify for TalkTalk's gift card, you need to place your order by midnight this Sunday night (November 28).
After that, there is a bit of waiting... TalkTalk says that the voucher will be sent out by email up to 90 days after your order date. So we're afraid you won't have the chance to use it for any Amazon Black Friday deals this year.
Once it lands in your inbox, there's a 150 day time limit on using. And it probably goes without saying that no vouchers will be sent out on orders that are cancelled.
More Black Friday deals:
- Amazon: up to 45% off Echo, Kindle and more for Black Friday
- Adidas: half-price trainers, tees, tracksuits and exercise gear
- Argos: Christmas decorations and stocking fillers from just £6
- Boots: better than half-price fragrances, beauty and gift sets
- Currys: record low prices on LG OLED TVs, coffee machines and laptops
- Dell: sneak peek sale live with 35% off laptops and monitors
- eBay: discounted Christmas gifts from small and independent sellers
- Ebuyer: SSDs from £21.99, 44% off laptops and Razer gaming chairs for £279.99
- Emma Sleep: mattresses and bed bundles starting from £299
- JD Sports: trainers from Nike, Adidas and Puma at up to 50% off
- Microsoft: save up to £450 on the Surface Pro 7
- Nectar: get 45% off any mattress and up to 30% off bedding
- Nintendo Switch: get a Nintendo Switch with Immortals: Fenyx Rising free
- Simply Be: discounts of up to 50% on coats, jackets and cardigans
- Very: £130 off Shark Anti Hair Wrap vacuum, £50 off Beats Solo 3 headphones, more
- Wayfair: save on furniture, rugs, desks and lighting
-
How Infrastructure as Code can automate and scale security
It’s time to bring efficiency, speed, and automation to cloud-native applications -- using IaC.
Read More -
The best Ultrabooks in Australia for 2021: top thin and light laptops reviewed
Here's TechRadar's definitive list of the best Ultrabooks
Read More
Find Out More About Us
Want to hire best people for your project? Look no further you came to the right place!